Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/10/2014
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Alleged Russian Cyber-Criminal Now Charged in 40-Count Superseding Indictment

New counts emerge.

A federal grand jury in Seattle returned a second superseding indictment late yesterday charging a Russian national with 11 additional counts and further detailing his alleged scheme to hack into businesses and steal credit card information for later sale over the Internet on “carding” websites. 

The now 40-count indictment alleges that Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia, was involved in the theft and sale of more than 2 million credit card numbers.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and Acting U.S. Attorney Annette L. Hayes of the Western District of Washington made the announcement.

“The additions in this superseding indictment show how cybercriminals use the Internet not only to infiltrate and steal sensitive data, but also to teach other criminals how to navigate the credit-card selling underworld and get equipment that can be used to defraud U.S. citizens,” said Assistant Attorney General Caldwell.  “The Criminal Division is committed to investigating these thefts and uncovering the methods of computer hackers to stay one step ahead of them and bring them to face justice.”

“The charges returned by the grand jury detail a criminal scheme that continued right up until Mr. Seleznev’s arrest in July,” said Acting U.S. Attorney Hayes.  “As set forth in the indictment, the government expects to prove at trial that Seleznev was a leader in the marketplace for stolen credit card numbers, and even created a website offering a tutorial on how to use stolen credit card numbers to commit crime.”

The indictment charges Seleznev with 11 counts of wire fraud, nine counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.  Seleznev is currently scheduled for trial on Nov. 3, 2014, and will be arraigned on the new charges sometime next week. 

According to court documents, between October 2009 and October 2013, Seleznev allegedly hacked into retail point of sale systems and installed malicious software to steal credit card numbers from various businesses.  Seleznev allegedly created and operated the infrastructure to facilitate the theft and sale of credit card data, used servers located all over the world to facilitate his operation, and sold stolen credit card data on a website known as “2pac.cc.”

Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.  

The charges contained in the indictments are only allegations.  A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

The case is being investigated by the U.S. Secret Service Electronic Crimes Task Force, which includes detectives from the Seattle Police Department.  The case is being prosecuted by Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western District of Washington.  The Office of International Affairs and the U.S. Attorney’s Office for the District of Guam provided substantial assistance in this case.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11059
PUBLISHED: 2020-05-27
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.